MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6feca5fff7a7a08ed572eed6241b0d07bc7b4cebe114e076be426badfc9e439b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6feca5fff7a7a08ed572eed6241b0d07bc7b4cebe114e076be426badfc9e439b
SHA3-384 hash: 0c15dd08b828ae40a86a848c22fe008f4e229dc5245af4615cf8b59765c656fb1aa3a751a816ffd1661c2b4ecd846940
SHA1 hash: 68d19bd230b657db275ee5fb3dd27552bd5c9081
MD5 hash: 0dd563760b2166ddcc661759dfb62ec3
humanhash: oregon-oxygen-alaska-magnesium
File name:OOCS DI 20201156.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-12 16:19:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 401496c24c0f17d805cb39fba6623b58 (5 x GuLoader)
ssdeep 768:w5s5v/msP2Xkt25aC9xAPRdCocqYr8EtHR9ZQ/VVU8NlB2Hx:75XmsP2Ut2fAPnFcqs8EnQNC86
Threatray 176 similar samples on MalwareBazaar
TLSH BE932A46B3D4F936E2528AF21B69AFA8155AFC301D41D94379C43F1D2B3AB12F42132B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: smarthost3-dkim.w-w.cz
Sending IP: 77.78.109.211
From: Lockett Chris <chris.lockett@woodside.com.au>
Subject: Re: Cracker Barrel - OOCS DI
Attachment: OOCS DI 20201156.iso (contains "OOCS DI 20201156.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AB.20350.2322.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 16:36:59 UTC
AV detection:
20 of 26 (76.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=n7wkl77xu6qi5vls53lcigyna66hwthl4ekoa5v6ijv237e6ionq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2679b68e7d2bc1eff0bb4969fc23081d38f08b72510107adcb18a2ffaa9ffca8
GuLoader
30ffce543f13fce23c61f63f8a6783b1c3be723377cb13e13bf033cbff8b904b
GuLoader
35de9956cb66110ef820db84e9eb9af8ea161f63a7ccfceb482c21299db67e9d
GuLoader
720004239ef0cb716b2f0d8793cfe7fb06d408cd5c598a6c726aab7f21c0bad0
GuLoader
87fdcca436e0e9e220acb51332720668c04460d48d1791368e734c1539bd1f77
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c22798f361a044104ff74ee848901f492c204cc185bcd865598677ddd62021b2
GuLoader
e44cb40eff38efdf851b40d465ffd44552597c19efa887c90e524fd2b3bca086
GuLoader
e93ac690642535aadb1a9a22f348c5fbb54e7ba04fc1d02235bc9415d72c466f
GuLoader
f8707020bc0b78ae0fab3bd9794993c4cae406d9f13fcb6098f3321cb6bba515
GuLoader
+ 166 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-4zmkthk372/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

953ffd1fc492faf535fdc8293f713e31

GuLoader

Executable exe 6feca5fff7a7a08ed572eed6241b0d07bc7b4cebe114e076be426badfc9e439b

(this sample)

  
Dropped by
MD5 953ffd1fc492faf535fdc8293f713e31
  
Delivery method
Distributed via e-mail attachment

Comments